N.S.A. Latest: The Secret History of Domestic Surveillance

On a day when President Obama said “I’m not going to be scrambling any jets to get a twenty-nine-year-old hacker”—thank goodness for that—the Guardian’s Glenn Greenwald and Spencer Ackerman have published another set of N.S.A. documents that detail how the Agency’s domestic-surveillance programs have evolved over the past decade or so. The documents presumably came from Edward Snowden, although the Guardian reports don’t say so explicitly.

The headline news is that, for two years of the Obama Administration—from 2009 to 2011—the N.S.A. continued a previously undisclosed Bush-era program that enabled the Agency to sweep up vast amounts of information about American citizens’ Internet use. This included whom they were e-mailing with and which computers they were using. The program, which went under the code name “Stellar Wind,” was ended in 2011, and hasn’t been restarted, a senior Administration official told the newspaper.

For those of us who are concerned about this stuff, it’s depressing to think that the Administration, in addition to allowing the N.S.A. to collect vast amounts of metadata about Americans’ personal phone calls, also preserved a program to track U.S. citizens’ Internet usage. (In the case of an e-mail, metadata includes the names of the sender and all of the recipients, plus the I.S.P. address of the device used to access the Internet. The subject line and what the e-mail says are considered “content,” and under operation Stellar Wind, at least, they weren’t collected.) On the other hand, the online metadata-collection program was ended in 2011, although exactly why that happened isn’t clear. Shawn Turner, the Obama Administration’s director of communications for national intelligence, told the Guardian that operation Stellar Wind was stopped for “operational and resource reasons,” but he didn’t specify what these were.

In a separate story, Greenwald and Ackerman reported that the new documents confirm that the N.S.A., in targeting suspects overseas and those they communicate with, still mines vast amounts of online data from American citizens. Thanks to the previous revelations about Operation Prism, we sort of knew this. But the new documents add some telling details about the scale of the online snooping. For example, by the end of last year, one particular N.S.A. Internet tracking program called ShellTrumpet (there appear to have been many others) had already processed a trillion (1,000,000,000,000) metadata records.

If you, like me, are wondering how things came to this, the documents, which include a top-secret draft of a 2009 historical review by the N.S.A.’s Inspector General, provide some of the answers. Indeed, that may well be their most lasting contribution. As you might have guessed, it all goes back to the immediate aftermath of the 9/11 attacks, when George W. Bush issued an internal order with this title:

AUTHORIZATION FOR SPECIFIED ELECTRONIC SURVEILLANCE ACTIVITIES DURING A LIMITED PERIOD TO DETECT AND PREVENT ACTS OF TERRORISM WITHIN THE UNITED STATES

According to the Inspector General’s report, the order was drafted by David Addington, the chief counsel to Vice-President Dick Cheney. General Michael Hayden, who was the director of the N.S.A. from 1999 until 2005, “suggested that the ability to collect information with one end in the United States without a court order would increase NSA’s speed and agility,” the report says. “General Hayden stated that after two additional meetings with the Vice President, the Vice President asked him to work with his counsel, David Addington.”

In retrospect, what’s most notable about the order President Bush signed are the restrictions it contained. Originally, it lasted for just thirty days, and was limited to online communications in which at least one of the communicants was located outside the United States. Moreover, it was explicitly based on “the President’s determination that after the 11 September 2001 terrorist attacks in the United States, an extraordinary emergency existed for national defense purposes.” Over time, though, the “extraordinary emergency” was deemed a permanent state of affairs, and the scope of the authorization was broadened until, eventually, it came to include even the collection of data from communications between American citizens located inside the United States.

For a few years, the online surveillance didn’t have any court approval. “NSA determined that FISA authorization did not allow sufficient flexibility to counter the terrorist threat,” the Inspector General’s report said. In March, 2004, senior officials at the Justice Department, including James Comey, who was then the acting Attorney General, and who has recently been nominated to head the F.B.I., objected to this system, prompting the White House and the N.S.A. to bring Stellar Wind to a halt.

But things didn’t end there. As the documents show, and as a must-read piece by Spencer Ackerman explains, the N.S.A. and the White House quickly found a way to bring the online-surveillance operations under the ambit of regular intelligence laws, and barely three months later, in July, 2004, the chief judge in the FISA courts, Colleen Kollar-Kotelly, granted the N.S.A. authority to once again begin collecting online metadata. “Although NSA lost access to the bulk metadata from 26 March 2004 until the order was signed, the order essentially gave NSA the same authority to collect bulk internet metadata that it had,” the Inspector General’s report says, “except that it specified the datalinks from which NSA could collect, and it limited the number of people that could access the data.”

Still, the N.S.A. chafed at the remaining legal restrictions on accessing data from American citizens communicating online with other American citizens. In a November, 2007, memorandum, which the Guardian has also posted online, a lawyer at the Justice Department, Kenneth Wainstein, told Michael Mukasey, the New York judge who had recently taken over as Attorney General, that the N.S.A. wanted a new set of procedures that would give the Agency considerably broader authorization. The memo said:

The Supplemental Procedures, attached at Tab A, would clarify that the National Security Agency (NSA) may analyze communications metadata associated with United States persons and persons believed to be in the United States…We conclude that the proposed Supplemental Procedures are consistent with the applicable law and we recommend that you approve them.

The memo argued that the new set of procedures, because they covered online metadata rather than actual content, didn’t violate the Fourth Amendment’s right to privacy, and neither did they need the approval of the FISA courts: “To fall within FISA’s definition of ‘electronic surveillance,’ an action must satisfy one of the four definitions of that term. None of these definitions cover the communications metadata analysis at issue here.”

Evidently, Mukasey approved the new procedures, and they formed the legal basis of operation Stellar Wind, which continued until 2011. But it also seems that the FISA courts did, eventually, approve the program. According to the Guardian’s account, a FISA judge issued a legal order every ninety days approving the collection, in bulk, of online metadata. Why the court did this, and whether it registered any objections to or demanded any changes in the N.S.A.’s actions, we don’t know. The FISA court’s deliberations, unlike a lot of other things, remain shrouded in secrecy.

Above: James Comey at the White House on June 21, 2013. Photograph by Evan Vucci/A.P.